wbinfo -u does not show AD users (is empty)

Question

We have a problem on a Ubuntu Server 14.04 (fileserver) connected to AD on a Windows Server 2008 R2 using Samba (version 4.3.8)/WinBind and Kerberos. The problem is that users do not have writing permissions in their personal folders.

We also noted that when using wbinfo -u, the output does not give an error but produces an empty list and it does not even show local users. However, wbinfo -g correctly shows the AD groups.

This setup worked fine until yesterday. We set up another fresh Ubuntu server configured identically and it produced the same problem.

Joining and trust with AD works fine:

net ads join -U administrator
Enter administrator's password:
Using short domain name -- NTB
Joined 'UBUNTUTEST' to dns domain 'NTB.local'

Any idea what the problem may be or how we can troubleshoot it further?

score 3 · Accepted Answer · answered May 01 '16 at 18:36

3

Try to add the following line to your smb.conf:

client ldap sasl wrapping = plain

It seems as this has caused some trouble lately.

answered May 01 '16 at 18:36

Randy

190
1
11

Thx. This indeed permitted us to show the AD users again although unfortunately the AD users still do not have writing permissions in their home-folders. However, "getent passwd" seems to show correct data. Any further ideas how to troubleshoot the issue/s? – moster67 May 02 '16 at 14:18
Permissions are also handled by the filesystem. Make sure the users have sufficient permissions on filesystem level. You also might want to add the `acl` option to your `fstab`. – Randy May 03 '16 at 08:04

wbinfo -u does not show AD users (is empty)

1 Answers1